Intrusion Detection System Based on a Quantitative Model
Not translated

Persian title of the article: An Intrusion Detection System Based on a Quantitative Model of Interaction Mode Between Ports
English title of the article: An Intrusion Detection System Based on a Quantitative Model of Interaction Mode Between Ports
Journal/Conference: IEEE Access
Related fields of study: Computer Engineering, Information Technology Engineering
Related specializations: Artificial Intelligence, Computer Networks
Persian keywords: anomaly detection, interaction mode between ports, intrusion detection, neural network, phase space reconstruction
English keywords: Anomaly detection, interaction mode between ports, intrusion detection, neural network, phase space reconstruction
Type of article: Research Article
Digital Object Identifier (DOI): https://doi.org/10.1109/ACCESS.2019.2951839
University: Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology, Tianjin University of Technology, Tianjin 300384, China
Pages of the English article: 16
Publisher: IEEE
Presentation type: Journal
Article type: ISI
Publication year: 2019
Impact factor: 4.641 in 2018
H-index: 56 in 2019
SJR: 0.609 in 2018
ISSN: 2169-3536
Quartile: Q2 in 2018
Format of the English article: PDF
Translation status: Not translated
Price of the English article: Free
Is this a base article: No
Does this article have a conceptual model: No
Does this article have a questionnaire: No
Does this article have variables: No
Product code: E13988
References: Has in-text references and a reference list at the end of the article
Table of contents (English)

Abstract

I. Introduction

II. Related Works

III. PIMDL Model and its Characteristic Analysis

IV. Neural Network and Intrusion Detection

V. Experimental Results Analysis

Authors

Figures

References

Excerpt from the article (English)

Abstract

Considering the characteristics of network traffic on the data link layer, such as massive high-speed data flow, information camouflaged easily, and the phenomenon that abnormal traffic is much smaller than the normal one, an intrusion detection system (IDS) based on the quantitative model of interaction mode between ports is proposed. The model gives the quantitative expression of Port Interaction Mode in Data Link Layer (PIMDL), focusing on improving the accuracy and efficiency of the intrusion detection by taking the arrival time distribution of traffic. The feasibility of the model proposed is proved by the phase space reconstruction and visualization method. According to the characteristics of long and short sessions, a neural network based on CNN and LSTM is designed to mine the differences between normal and abnormal models. On this basis, an improved Intrusion Detection algorithm based on a multi-model scoring mechanism is designed to classify sessions in model space. And the experiments show that the quantitative model and the improved algorithm proposed can not only effectively avoid camouflage identity information, but also improve computational efficiency, as well as increase the accuracy of small sample anomaly detection.

Introduction

To avoid the serious losses caused by network attacks, it is important to build an effective intrusion detection model to explore the existing characteristic rules in mass traffic data. As a branch of machine learning, deep learning can recognize the internal law of a certain kind of things to the maximum through training multilayer neural network, so it has a unique advantage to explore the internal law of abnormal attack traffic in massive network traffic data. Among the many problems involved in intrusion detection, the anomaly detection method is the most important one, and its key point is to design a feature set that can accurately describe network traffic [1], [2]. At present, many data sets, such as KDD’99 [3], NSL-KDD [4], UNSW-NB15 [5], CIC-IDS-2017 [6], ISCX [7], which are widely used in intrusion detection systems, have a large capacity and rich characteristics, and the neural network can be used to mine the internal rules of these data sets to realize the intrusion detection. There are a lot of achievements in previous studies, while ignoring several problems. Firstly, to obtain the previous feature set from the initial traffic, it is necessary to check all the traffic data in the first two seconds and the first 100 connections at the end of the session, however, the intrusion detection system cannot be too complex because of the massive and high-speed traffic characteristics, in practice, according to previous research methods, building feature sets from the real-time generated initial traffic will cause a lot of computational burdens. Secondly, previous studies have trained neural networks based on a large number of high-level protocol information (e.g. logon status, flag). When attackers camouflage these attributes, the classification accuracy of neural networks will be greatly affected.